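<?php
/*
 * Cart "add" endpoint.
 *
 * Flow:
 *   1. Require a session whose login_user value still matches a row in `user`.
 *   2. On a POST carrying `addID`, insert one (demo_ID, user_ID) row into `cart`.
 *   3. Echo an HTML fragment listing the user's cart: one table row per
 *      distinct demo with its name, quantity and line price, then the total.
 *
 * Security notes:
 *   - Every value placed in an SQL string is escaped with
 *     mysql_real_escape_string() and quoted. This includes IDs read back from
 *     the database: stored data is not trusted merely because it is stored,
 *     and the original concatenated the stored demo_ID unquoted into follow-up
 *     queries.
 *   - addslashes() is not charset-aware and is not a substitute for the
 *     driver's own escaping, so it is no longer used.
 *   - demo_name is HTML-escaped on output.
 *   - NOTE(review): the ext/mysql API used here was removed in PHP 7.0.
 *     Moving to mysqli/PDO prepared statements has to happen together with
 *     config.php, which presumably opens the connection (not visible here).
 *   - NOTE(review): this state-changing POST checks no anti-CSRF token in the
 *     visible code; confirm whether one is enforced elsewhere.
 */
include('config.php');
session_start();

// --- Authentication -------------------------------------------------------
if (!isset($_SESSION['login_user'])) {
    echo "unauthorized";
    exit;
}

// The session value is escaped too: it is only as trustworthy as whatever
// code wrote it at login time, which is outside this file.
$user_check = mysql_real_escape_string((string) $_SESSION['login_user']);
$ses_sql = mysql_query("select * from user where user_ID='$user_check' ");

// A failed query (false) is treated the same as "no such user".
$row = ($ses_sql !== false) ? mysql_fetch_array($ses_sql) : false;

if ($row === false || !isset($row['user_ID'])) {
    echo "unauthorized";
    exit;
}
$login_session = $row['user_ID'];

// --- Add to cart and render the cart fragment -------------------------------
// is_string() rejects array-valued parameters (addID[]=...), which the
// original passed to addslashes() and stored as an empty demo_ID.
if (
    $_SERVER["REQUEST_METHOD"] == "POST"
    && isset($_POST['addID'])
    && is_string($_POST['addID'])
) {
    // NOTE(review): demo_ID looks numeric (the original compared it unquoted);
    // if the schema confirms that, also reject non-digit input here.
    $add = mysql_real_escape_string($_POST['addID']);
    $uid = mysql_real_escape_string((string) $login_session);

    if (mysql_query("INSERT INTO cart (demo_ID, user_ID) VALUES ('$add','$uid')") === false) {
        // Keep the failure visible to operators without leaking SQL details
        // into the response.
        error_log('cart insert failed: ' . mysql_error());
    }

    $query = mysql_query("SELECT DISTINCT demo_ID FROM cart WHERE user_ID='$uid'");

    // A failed query renders as an empty cart, as in the original.
    if ($query === false || mysql_num_rows($query) == 0) {
        echo "<span>";
        echo "<h3>Shopping Cart</h3>";
        echo "<p>Your cart: 0 </p>";
        echo "</span>";
    } else {
        $totalprice = 0;
        echo "<span>";
        echo "<h3> Shopping Cart </h3>";
        echo "<p> Your Cart:</p>";
        echo "<table>";

        while ($row = mysql_fetch_array($query, MYSQL_ASSOC)) {
            // Escape and quote the stored ID before reusing it in SQL.
            $did = mysql_real_escape_string((string) $row['demo_ID']);

            $game = mysql_query("SELECT * FROM demo WHERE demo_ID='$did'");
            $result = ($game !== false) ? mysql_fetch_assoc($game) : false;

            // Quantity = number of cart rows this user has for this demo.
            $counter = mysql_query("SELECT * FROM cart WHERE user_ID='$uid' AND demo_ID='$did'");
            $quantity = ($counter !== false) ? mysql_num_rows($counter) : 0;

            // A cart row may reference a demo that does not exist, because
            // addID is not checked against `demo` before the insert; such a
            // row is shown with an empty name and a zero price.
            $name = ($result !== false) ? $result['demo_name'] : '';
            $unitPrice = ($result !== false) ? floatval($result['demo_price']) : 0.0;
            $price = $unitPrice * $quantity;

            echo "<tr>";
            // assumes demo_name is UTF-8 — TODO confirm against the connection charset
            echo "<td>" . htmlspecialchars((string) $name, ENT_QUOTES, 'UTF-8') . "</td>";
            echo "<td>x" . $quantity . "</td>";
            echo "<td>$" . $price . "</td>";
            $totalprice += $price;
            echo "</tr>";
        }

        echo "</table>";
        echo "Total is $" . $totalprice;
        echo "</span>";
    }
}
?>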